Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end
Date:	Tue, 1 Dec 2020 16:23:18 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0

Hi Prasad,

On 12/1/20 4:00 PM, P J P wrote:
> * I was thinking about checking 'elementary_transfer_size' against 
>   'byte_count_limit', but that did not work out. The loop is confusing there,
>   it first sets elementary_size = size and subtracts the same   

If the code is confusing, you can rewrite in a less confuse way :)
That way the problem are easier to notice.

> * I tested the patch with a reproducer and it helped to fix the crash.

[thread hijack]

About reproducer, Michael asked about CVE-2020-24352 (ati_vga OOB in
ati_2d_blt) this morning. What happens to reproducers when a CVE is
assigned, but the bug is marked as "out of the QEMU security boundary"?

Is it possible to release the reproducer to the community, so we can
work on a fix and test it?

Thanks,

Phil.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, Paolo Bonzini, 2020/12/01
- Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, P J P, 2020/12/01
  - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, Philippe Mathieu-Daudé <=
    - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, Peter Maydell, 2020/12/01
    - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, Paolo Bonzini, 2020/12/01
    - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, Paolo Bonzini, 2020/12/01
  - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, Paolo Bonzini, 2020/12/01
    - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, Markus Armbruster, 2020/12/02
    - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, P J P, 2020/12/02
    - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, Paolo Bonzini, 2020/12/02
    - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, Philippe Mathieu-Daudé, 2020/12/02
    - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, P J P, 2020/12/03
    - Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end, Wenxiang Qian, 2020/12/11

Prev by Date: Re: [PATCH v2 21/28] hw/intc/armv7m_nvic: Correct handling of CCR.BFHFNMIGN
Next by Date: Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end
Previous by thread: Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end
Next by thread: Re: [PATCH] ide:atapi: check io_buffer_index in ide_atapi_cmd_reply_end
Index(es):
- Date
- Thread